ljre24
January 6th, 2007, 11:50
I've been working on this program's serial generation procedure for almost a month now. So far I've been able to reverse engineer almost half of the code involved, but I've recently hit a really confusing stump lately.
The serial generation mechanism works in the following way. You enter your name in one field, and your company in another. This generates a 32 bit identification number which is displayed on the screen. When you purchase the product you give the generated identification number and you receive a serial number made up of two parts, a 6 digit string, and an 8 digit number, separated from the string by a hyphen. An example would be:
MRSPEH-88423197
The first thing the program does is to save the first string as it is and take the second string (the number) and store it in memory as a 32 bit number.
The program then proceeds to sum up the ASCII values of the first string, each value being multiplied by 64h before it's added to the accumulated result. Then it takes the identification number (the one it displays to the user) and performs a great number of bit manipulations on it in combination with a large buffer that contains certain values, finally generating a number that is added to the summed up ASCII values of the first string. The value is then saved.
A number of very similar operations are then performed on the first string and the identification number again. After all this mess, never minding the details (for now), it simply generates a number which it finally then proceeds to compare to the 32 bit number generated from the second part of the serial number. If the generated number is equal to the second part of the serial number, then the test succeeds and you get a window congratulating you and asking you to restart to activate the full product.
So just as a test, instead of fully analyzing the whole procedure, I just inserted a random first string, a random second string, say "STRING-12345678" for example, and waited until the procedure got to the point of that final comparison, so what I did was to note down the 32 bit number it was comparing to the 32 bit number generated from the second part of the string (12345678), say the number was 32432123, and reinserted it into the serial number field, so this time it would be STRING-32432123.
And it worked! Apparently I got the congratulation window, and it asked me to restart to begin using the full product. I restarted, but I was greeted once again with the trial splash screen. It didn't work. I tried doing the same but with an already proven registration number for a certain name and company, and that worked perfectly.
So what on earth happened? I got the same congratulation window for both numbers, but why didn't mine work after the program restarted? Is there a second hidden validation test the moment the program starts? I still haven't figured that out since I can't decide between debugging the moment the program starts or reverse engineering the rest of the serial number generation procedure. The part that is most discouraging is knowing that I managed to pass the final comparison test WITH THE PROGRAM TELLING ME I WAS RIGHT but it was still wrong after the program restarted. What could be going on here?

